(54) SOFTWARE PROTECTION CONTROL SYSTEM

(57) Abstract: 

PURPOSE: To protect software by ciphering a decipher 
key of software with an individual key of a user to 
obtain assent information and enabling only a regular 
user to decipher the decipher key from assent 
information. 

CONSTITUTION: In a software managing part 1, an 
individual key of the regular user is generated by an 
individual key generating part 3 and is reported, and 
software of a normal text is ciphered with the decipher 
key by a software ciphering part 5 to obtain a ciphered 
text, and the decipher key is ciphered with the 
individual key by a key ciphering part 4 to obtain 
assent information. Ciphered text software and the 
decipher key ciphered as assent information are 
transferred to the user. Though software presented from 
the software managing part 1 is copied, deciphering and 
execution without the decipher key are impossible 
because it is ciphered, and thus, software is protected. 
SPECIFICATION

1. Title of the Invention 

Software protection control system 

2. Scope of Claim for a Patent

A software protection control system comprising a 
software management unit (1) for encrypting and supplying a 
user with software and a software execution unit (2) for 
decrypting and executing said software, characterized in 
that: 

individual keys of users are generated in an individual 
key generating unit (3) of the software management unit (1), 
a software decryption key is encrypted by the individual key 
in a key encryption unit (4) thereby to form authentication 
information, and the software is provided by being encrypted 
by said decryption key in a software encryption unit (5); and 

said authentication information is decrypted by said 
individual key in a key decryption unit (6) of said software 
execution unit (2) thereby to form said decryption key, and 
said encrypted software is executed by being decrypted in a
software decryption unit (7) by said decryption key. 
3. Detailed Description of the Invention 

[Summary] 

The present invention relates to a software protection 
control system for preventing the illegal use of various 
computer software, and the object thereof is to permit only 
legitimate users to execute by decrypting the encrypted 
software. 

According to this invention, there is provided a 
software protection control system in which a software 
management unit encrypts the software and supplies it to a 
user, which software is executed by being decrypted in a 
software execution unit, an individual key of the user is 
generated in an individual key generating unit of the 
software management unit, the software decryption key is 
encrypted by the individual key in a key encryption unit 
thereby to form authentication information, the software is 
provided by being encrypted by the decryption key in a 
software encryption unit, the authentication information is 
decrypted by the individual key in the key decryption unit of 
the software execution unit thereby to form the decryption 
key, and the encrypted software is executed by being
decrypted by the decryption key in a software decryption
unit.

[Industrial Field of Utilization] 
The present invention relates to a software protection 
control system for preventing the illegal use of various 
types of computer software. 

Computer software has been more vigorously developed 
than the hardware. Especially, software for personal 
computers has come to be supplied by many software vendors 
and a great number of types of software for personal 
computers are now available. 

The software, however, is not a physical object unlike
hardware, and is easily duplicated. Even newly developed
software, therefore, can easily be used by persons other than
legitimate users through duplication, making it impossible to
defend the interest of the vendor of the software.

Desirably, therefore, only the legitimate user of a 
given software can execute the software. 

[Prior Art] 

The software protection control system for the personal 
computer can be classified into, for example, (1) a system 
based on software, (2) a system using both hardware and 
software, and (3) other systems. The system (1) based on 
software is the one in which certain information is written 
in that part of the storage area such as a floppy disk 
storing the software which cannot be copied by a command 
supported by the OS (operating system), and at the time of 
starting to execute the software, the data is read from the 
particular part of the area. In the case where the data 
fails to coincide with set data, the execution of the 
particular data is inhibited. 

In the system (2) using hardware, on the other hand, 
exclusive hardware is set in an expansion slot or the like to 
determine whether the execution of the software is possible 
or not so that only the legitimate user can use the 
particular software. The personal computer in which the
particular hardware is not set cannot of course execute the
software.

In one of the other systems (3) so far proposed, a 
program for authentication conditions describing the 
conditions for using the encrypted software is prepared, and 
in the case where a given condition fails to meet the 
authentication conditions, the software associated with the 
failing condition cannot be executed. This system is
explained in "Proposition of Software Service System (SSS)",
Journal of the Institute of Electronics, Information and
Communication Engineers, January 1987, Vol. J70-D, No. 1, pp.
70-81, and "Minor Test Production of Software Service System
(SSS)", Journal of the Institute of Electronics, Information
and Communication Engineers, February 1987, Vol. J70-D, No.
2, pp. 335-345.

[Problem to be Solved by the Invention]
The conventional system (1) based on software described
above poses the problem that copying of all the areas is
possible by using a hardware copying machine, thereby leading
to the disadvantage that a great number of duplicates can be
produced and therefore the software cannot be sufficiently
protected.

In the system (2) using hardware at the same time, on 
the other hand, the user is required to purchase the hardware 
for software protection, resulting in the disadvantage of an 
increased burden on the user. 

The other systems (3) having a program for 
authentication conditions use a common credit or the like, 
and therefore the software distribution route is required to 
be changed. Another disadvantage is the requirement of 
exclusive hardware called SSSBOX for managing the right to 
execute the software, thereby leading to the problem of a 
bulky device and an increased burden on the user. 

The present invention is intended to provide a system in
which only the legitimate user can execute by decrypting the
encrypted software.

[Means for Solving the Problem] 

In the software protection control system according to 
this invention, the software decryption key is encrypted by 
an individual key of the user to prepare authentication 
information, from which the decryption key can be decrypted 
by only the legitimate user. The invention will be explained 
with reference to Fig. 1. 

In a software protection control system using the 
software management unit 1 for encrypting and supplying the 
user with software and the software execution unit 2 for 
executing by decrypting the software, an individual key for 
the user is generated in the individual key generating unit 3 
of the software management unit 1, and the decryption key is 
encrypted in the key encryption unit 4 by this individual key 
thereby to form authentication information, while at the same 
time encrypting and supplying the user with the software by 
the decryption key in the software encryption unit 5.

The user decrypts the authentication information by the 
individual key in the key decryption unit 6 of the software 
execution unit 2 thereby to form a decryption key. By using 
this decryption key, the encrypted software is executed by 
being decrypted in the software decryption unit 7. 

[Operation] 

The software management unit 1, generating the 
individual key for the legitimate user in the individual key 
generating unit 3, notifies the legitimate user. Also, the 
software of common statements is encrypted by a decryption 
key in the software encryption unit 5, and the decryption key 
is encrypted in the key encryption unit 4 by the individual 
key thereby to form authentication information. The software 
of encrypted statements and the decryption key encrypted as 
authentication information are delivered to the user. 

Thus, the software supplied from the software management 
unit 1 is encrypted in this way, and therefore, even if 
duplicated, cannot be decrypted for execution without the 
decryption key. In this way, the software can be protected. 

On the other hand, the legitimate user can decrypt the 
authentication information in the key decryption unit 6 using 
the individual key, and can acquire the decryption key. 
Thus, the software of encrypted statements is decrypted into 
the software of common statements in the software decryption 
unit 7 using the decryption key for execution. In this way, 
only the legitimate user can execute the software. 

[Embodiments]

An embodiment of the invention will be explained below 
in detail with reference to the drawings. 

Fig. 2 is a diagram for explaining the software 
management unit according to an embodiment of the invention. 
Numeral 11 designates a software of common statements stored 
in a floppy disk or the like, numeral 12 an encryption 
processing unit, numeral 13 a write unit, numeral 14 the 
software of encrypted statements stored in a compact disk 
(CD) or the like, numeral 15 a random number generator for 
generating an encryption key (decryption key for the user
side) added to the encryption processing unit 12, numeral 16 
a key management table unit for registering the software name 
and a corresponding encryption key, numeral 17 a user 
individual key generating unit for generating an individual 
key for the user from the identification information ID of 
the user, numeral 18 an authentication information generating 
unit for generating the authentication information by 
encrypting the encryption key with the individual key, 
numeral 19 a validation disk, and numeral 20 a validation 
table unit in the validation disk 19. 

The encryption processing unit 12 corresponds to the 
software encryption unit 5 in Fig. 1, the user individual key 
generating unit 17 corresponds to the individual key 
generating unit 3 in Fig. 1, and the authentication 
information generating unit 18 corresponds to the key 
encryption unit 4 in Fig. 1. 

The common statement software 11 prepared by the 
software vendor or the like is encrypted in the encryption 
processing unit 12. In that case, the random number from the
random number generating unit 15 is used as an encryption
key. A common cryptography system such as DES (Data
Encryption Standard) can be used as the encryption system.
The DES system carries out encryption and decryption
for every data block of 64 bits, and has a key length of 56
bits to which 8 parity bits are added.

The software is encrypted by the encryption processing 
unit 12, and after being written in the floppy disk, the 
compact disk (CD) or the like by the write unit 13, supplied 
to the user as encrypted statement software 14. In the case 
where the compact disk is used, the very large storage 
capacity thereof permits a plurality of types of encrypted 
statement software to be written therein. 

The encryption key from the random number generating 
unit 15 and the name of a corresponding software to be 
encrypted are registered in the key management table unit 16. 
In the shown case, for example, the software name "TOWNS 
PAINT" and a corresponding encryption key of 64 bits in
length are registered as "2F6E894D3CE08DAC" in hexadecimal
notation. In similar fashion, the software name "TOWNS VNET"
and a corresponding encryption key having a length of 64 bits
are registered as "983ECA56E7F8E781" in hexadecimal notation.

In the case where the user purchases the software named 
"TOWNS PAINT", for example, an individual key is generated by 
the user individual key generating unit 17 based on the 
identification information ID of the personal computer of the 
user. In the case where the software execution unit 2 of the 
user has no individual key generating unit, the individual 
key is delivered to the user in a strictly controlled state. 
Using this individual key, the encryption key of the software 
name "TOWNS PAINT" is encrypted in the authentication 
information generating unit 18 thereby to form authentication 
information. This authentication information is registered 
in the validation table unit 20 of the validation disk 19. 
Specifically, as shown in the figure, the software name 
"PAINT.ENC" of the encrypted statement software and the
authentication information "522E3ABC453F2E9A" thereof are 
registered, and this validation disk 19 is delivered to the 
user. 

Fig. 3 is a processing flowchart for the software 
management unit according to an embodiment of the invention. 
It is determined whether the software encryption processing 
or the authentication information issue processing is 
involved ©, and in the case of the software encryption 
processing, a random number is generated from the random 
number generating unit 15 ®, and the particular random 
number is registered as an encryption key in the key 
management table unit 16 ®. Using this encryption key, the 
software is encrypted in the encryption processing unit 12 
®, and the encrypted statement software is written by the 
write unit ®. 

In the case of the authentication information issue 
processing, on the other hand, the encryption key 
corresponding to the software name is read out by referring 
to the key management table unit 16 <D, an individual key is
generated based on the user identification information ID in 
the user individual key generating unit 17 ®, the encryption 
key is encrypted using this individual key and registered in 
the validation table unit 20 ®, and this is issued to the 
user as authentication information (D. 

Fig. 4 is a diagram for explaining the software 
execution unit according to an embodiment of the invention. 
Numeral 21 designates a validation disk (corresponding to 
numeral 19 in Fig. 2) issued from the software management 
unit, numeral 22 a validation table unit, numeral 23 an 
authentication information registration unit, numeral 24 a 
validation disk for the user, numeral 25 a validation table
unit for the user, numeral 26 an individual key generating
unit for the user, numeral 27 a key decryption unit, numeral
28 a decryption processing unit, numeral 29 an encrypted
statement software (corresponding to numeral 14 in Fig. 2),
numeral 30 a common statement software, and numeral 31 an
execution unit. 

The authentication information registration unit 23, the 
user validation table unit 25, the user individual key 
generating unit 26, the key decryption unit 27, the 
decryption processing unit 28 and the execution unit 31 can
be implemented by the processing functions of, for example, 
the personal computer of the user. 

The validation table unit 22 of the validation disk 21 
corresponds to the validation table unit 20 of the validation 
disk 19 in Fig. 2. For example, the encrypted software name 
"PAINT.ENC" and the corresponding authentication information
are written in. The software name of the encrypted statement 
software and the authentication information thereof are 
additionally registered in the user validation table unit 25 
of the user validation disk 24 in the authentication 
information registration unit 23. 

It is shown that the user has purchased the software 
named "FB386.ENC", "FNET.ENC" and "SOUND.ENC", the
software names and the authentication information thereof are
already registered in this user validation table unit 25, and
the name "PAINT.ENC" of the software purchased now and the
authentication information thereof are read from the 
validation table unit 22 and registered in the user 
validation table unit 25. 

Also, individual information is generated in the user 
individual key generating unit 26 based on the user 
identification information ID. In the absence of this 
function, the individual key is received from the software 
management unit 1 under a strictly controlled state. Once 
the user designates the name of the software to be executed, 
the authentication information corresponding to the 
designated software name is read from the validation table 
unit 25 and added to the key decryption unit 27. Thus, the
authentication information is decrypted by the individual key 
of the user thereby to form a decryption key. The designated 
software is decrypted by this decryption key in the 
decryption processing unit 28 thereby to form the common 
statement software which is executed in the execution unit 
31. This decryption processing is performed sequentially for 
each step executed in the execution unit 31. 

Fig. 5 is a processing flowchart for the software 
execution unit according to an embodiment of the invention. 
It is determined whether the authentication information is 
registered or executed @, in the former case, the 
authentication information is registered in the user 
validation table unit 25 ©, in the case where the 
authentication information is executed, on the other hand, 
the authentication is checked to see whether the 
authentication information corresponding to the designated 
software name is registered or not ©, and in the case where 
the authentication information is not registered, permission 
is not given. In the case where the authentication 
information is registered, on the other hand, the user 
individual key is generated @, the key is decrypted by 
decrypting the authentication information with the individual 
key ©, the designated software is decrypted with the 
decryption key @, and the software thereof is executed ©.
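
The issue and execution flows of Figs. 2 to 5, as an added example that is not part of the patent text: the management unit wraps a random software key under a per-user individual key, and a machine with a different ID cannot unwrap it. Assumptions: an HMAC-SHA256 stream cipher with an integrity tag stands in for DES (the tag, which makes a wrong individual key fail with an error instead of yielding a wrong decryption key, is not in the text), the individual key is an HMAC of the user ID under a hypothetical shared derivation secret, and the class, function and ID names are hypothetical.

```python
import hashlib
import hmac
import secrets

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:  # stand-in for DES
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(key: bytes, plaintext: bytes) -> bytes:  # returns nonce || ciphertext || tag
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(key, nonce, plaintext)
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise PermissionError("wrong key or modified data")
    return _xor_stream(key, nonce, ct)

def individual_key(derivation_secret: bytes, user_id: str) -> bytes:
    # Assumption: the text only says the key is generated from the user's ID.
    return hmac.new(derivation_secret, user_id.encode(), hashlib.sha256).digest()

class ManagementUnit:
    def __init__(self, derivation_secret: bytes):
        self.derivation_secret = derivation_secret
        self.key_table = {}  # key management table unit 16: software name -> key
    def encrypt_software(self, name: str, program: bytes) -> bytes:
        self.key_table[name] = secrets.token_bytes(32)  # random number generator 15
        return seal(self.key_table[name], program)      # encryption processing unit 12
    def issue_authentication_info(self, name: str, user_id: str) -> bytes:
        key = individual_key(self.derivation_secret, user_id)  # unit 17
        return seal(key, self.key_table[name])                 # unit 18

class ExecutionUnit:
    def __init__(self, derivation_secret: bytes, user_id: str):
        self.key = individual_key(derivation_secret, user_id)  # unit 26
        self.validation_table = {}  # user validation table unit 25
    def register(self, name: str, authentication_info: bytes) -> None:
        self.validation_table[name] = authentication_info  # registration unit 23
    def decrypt_for_execution(self, name: str, encrypted: bytes) -> bytes:
        if name not in self.validation_table:
            raise PermissionError("no authentication information registered")
        decryption_key = unseal(self.key, self.validation_table[name])  # unit 27
        return unseal(decryption_key, encrypted)                        # unit 28

def demo() -> dict:
    secret, program = secrets.token_bytes(32), b"constructed sample program"
    vendor = ManagementUnit(secret)
    disk = vendor.encrypt_software("PAINT.ENC", program)
    auth = vendor.issue_authentication_info("PAINT.ENC", "PC-0001")
    results = {}
    for user_id in ("PC-0001", "PC-0002"):  # the buyer, then a machine holding copies
        unit = ExecutionUnit(secret, user_id)
        unit.register("PAINT.ENC", auth)
        try:
            results[user_id] = unit.decrypt_for_execution("PAINT.ENC", disk) == program
        except PermissionError as exc:
            results[user_id] = str(exc)
    return results
```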

All the steps or only important steps of the software 
can be encrypted. In the latter case, the decryption process 
is simplified. The validation table units 20, 22 of the 
validation disks 19, 21 can be delivered to the user also by 
other means than the floppy disk. A notification can be
given, for example, using the communication network of the
personal computer.

[Effects of the Invention] 
As described above, according to this invention, an 
individual key is generated in the individual key generating 
unit 3 of the software management unit 1, the decryption key 
is encrypted by the key encryption unit 4 using the 
individual key thereby to form authentication information, 
and the software is encrypted by the software encryption unit 
5 using the decryption key. On the user side, the 
authentication information is decrypted by the key decryption 
unit 6 of the software execution unit 2 using the individual 
key thereby to form a decryption key, and the encrypted 
statement software is executed by being decrypted in the 
software decryption unit 7. In this way, the software is 
encrypted, and the decryption key thereof is also encrypted 
by the individual key of the user. Even in the case where 
the software is duplicated, the decryption key cannot be 
acquired from the authentication information and therefore 
the particular software cannot be executed by other than the 
legitimate user. In this way, the software can be protected. 

Also, the registration and the decryption of the 
authentication information can be easily supported by the OS, 
and no special hardware is required by the user.
Therefore, the burden on the user is not increased. 

Further, a plurality of types of encrypted software can 
be written collectively in a medium of large capacity (such 
as a compact disk), and the authentication information 
corresponding to only the software purchased by the user can 
be issued. Therefore, the software distribution cost can be 
reduced. Also, the software management unit 1 can easily
manage the issue of the authentication information, and
therefore the state on the part of the user can be easily
known.

4. Brief Description of the Drawings 

Fig. 1 is a diagram for explaining the principle of the
present invention, Fig. 2 is a diagram for explaining the 
software management unit according to this invention, Fig. 3 
is a processing flowchart for the software management unit 
according to the invention, Fig. 4 is a diagram for 
explaining the software execution unit according to an 
embodiment of the invention, and Fig. 5 is a processing 
flowchart for the software execution unit according to an 
embodiment of the invention. 

1 designates the software management unit, 2 the 
software execution unit, 3 the individual key generating 
unit, 4 the key encryption unit, 5 the software encryption
unit, 6 the key decryption unit, and 7 the software 
decryption unit. 